1
00:00:03,520 --> 00:00:04,660
Welcome to episode
2
00:00:05,040 --> 00:00:05,540
386
3
00:00:05,919 --> 00:00:09,139
of the Microsoft Cloud IT Pro Podcast recorded
4
00:00:09,199 --> 00:00:11,139
live on October 4, 2024.
5
00:00:11,919 --> 00:00:14,099
This is a show about Microsoft 365
6
00:00:14,400 --> 00:00:16,635
and Azure from the perspective of IT pros
7
00:00:16,635 --> 00:00:18,875
and end users, where we discuss the topic
8
00:00:18,875 --> 00:00:20,875
or recent news and how it relates to
9
00:00:20,875 --> 00:00:24,714
you. Today, we explore 3 powerful tools designed
10
00:00:24,714 --> 00:00:28,095
to improve automation, testing, and security, and modern
11
00:00:28,829 --> 00:00:31,329
and operations workflows with Microsoft 365.
12
00:00:32,350 --> 00:00:35,170
These tools are Maestro, Pester, and ScubaGear.
13
00:00:35,549 --> 00:00:38,829
Whether you're a DevOps engineer, PowerShell enthusiast, or
14
00:00:38,829 --> 00:00:39,810
security professional,
15
00:00:40,190 --> 00:00:42,925
this episode provides insights on how you can
16
00:00:42,925 --> 00:00:45,984
streamline your processes and strengthen your infrastructure
17
00:00:46,445 --> 00:00:49,164
using these powerful tools. Tune in to level
18
00:00:49,164 --> 00:00:51,585
up your automation and security game.
19
00:00:53,885 --> 00:00:55,265
What's my upload? 924
20
00:00:55,920 --> 00:00:56,820
with an upload
21
00:00:58,239 --> 00:00:59,699
of the same, 900.
22
00:01:00,159 --> 00:01:02,239
It is not my Internet. I can confirm
23
00:01:02,239 --> 00:01:03,920
that. When you left and came back, did
24
00:01:03,920 --> 00:01:05,680
I come back? Okay. Let me
25
00:01:06,319 --> 00:01:07,700
I don't know. Technology
26
00:01:08,079 --> 00:01:11,780
woes abound, Ben. Technology woes abound. Yes.
27
00:01:12,134 --> 00:01:14,295
Because back to my Teams issue, your face
28
00:01:14,295 --> 00:01:16,295
is now covered up by my audio panel
29
00:01:16,295 --> 00:01:18,795
where I select my microphone and my speaker
30
00:01:19,015 --> 00:01:19,834
because apparently,
31
00:01:20,375 --> 00:01:22,935
in my tenant, in my client, on my
32
00:01:22,935 --> 00:01:23,435
Mac,
33
00:01:23,894 --> 00:01:24,795
some combination
34
00:01:25,334 --> 00:01:28,189
of them, for whatever reason, if I minimize
35
00:01:28,650 --> 00:01:29,950
my audio
36
00:01:30,250 --> 00:01:30,750
selection
37
00:01:31,369 --> 00:01:31,869
pane
38
00:01:32,329 --> 00:01:35,290
and go click on another window, Teams loses
39
00:01:35,290 --> 00:01:37,290
my audio. Like, completely gone. Telling you, it's
40
00:01:37,290 --> 00:01:37,869
a feature.
41
00:01:39,209 --> 00:01:41,450
It explodes and disappears into thin air and
42
00:01:41,450 --> 00:01:43,174
Scott can no longer hear me. I come
43
00:01:43,174 --> 00:01:45,034
back to Teams, I click the little arrow,
44
00:01:45,094 --> 00:01:47,594
my audio panel drops up, and my audio
45
00:01:47,655 --> 00:01:48,635
magically returns.
46
00:01:49,015 --> 00:01:49,515
Ironically,
47
00:01:49,895 --> 00:01:51,335
with all of this, do you know how
48
00:01:51,335 --> 00:01:52,935
I knew that was an issue when you
49
00:01:52,935 --> 00:01:54,935
couldn't hear me? Besides me, like, waving my
50
00:01:54,935 --> 00:01:56,780
hands and going, is it you? Is it
51
00:01:56,780 --> 00:01:57,840
me? And yeah.
52
00:01:58,219 --> 00:01:59,439
Because my laptop,
53
00:01:59,979 --> 00:02:02,799
my MacBook Pro, and my Mac Studio
54
00:02:03,659 --> 00:02:05,359
both do the same thing,
55
00:02:05,739 --> 00:02:08,300
which means it is not an isolated issue.
56
00:02:08,300 --> 00:02:10,944
At least it's consistently bad. You got that
57
00:02:10,944 --> 00:02:12,484
going for you. I suppose.
58
00:02:12,944 --> 00:02:14,544
The other thing I have noticed though that
59
00:02:14,544 --> 00:02:16,144
seems to be consistent with it is it's
60
00:02:16,144 --> 00:02:18,305
when my audio interface is plugged in. So
61
00:02:18,305 --> 00:02:21,664
this may be a 3 pronged issue between
62
00:02:21,664 --> 00:02:22,164
Teams,
63
00:02:22,704 --> 00:02:24,965
a road Procaster 2 audio interface,
64
00:02:25,540 --> 00:02:26,280
and Mac
65
00:02:26,659 --> 00:02:28,900
OS because I was just on a meeting
66
00:02:28,900 --> 00:02:31,300
right before this and my speaker phone was
67
00:02:31,300 --> 00:02:33,620
working just fine. Although, Teams did crash once
68
00:02:33,620 --> 00:02:35,379
in the middle of main meeting and my
69
00:02:35,379 --> 00:02:37,620
Mac completely crashed and rebooted in the middle
70
00:02:37,620 --> 00:02:39,780
of the meeting. Can't necessarily attribute that to
71
00:02:39,780 --> 00:02:41,574
Teams. That being said,
72
00:02:42,354 --> 00:02:44,435
it was working fine on my USB speaker
73
00:02:44,435 --> 00:02:46,674
phone, and my audio interfaces seems to be
74
00:02:46,674 --> 00:02:48,775
the problem. It was very similar
75
00:02:49,155 --> 00:02:52,034
on my MacBook Pro where it was an
76
00:02:52,034 --> 00:02:54,189
audio interface that it didn't work with, and
77
00:02:54,189 --> 00:02:55,950
it seemed to work better if I use,
78
00:02:55,950 --> 00:02:58,129
like, the built in audio or AirPods.
79
00:02:58,510 --> 00:03:00,510
Either way, it's just weird, and I should
80
00:03:00,510 --> 00:03:02,830
probably submit some feedback, but I honestly have
81
00:03:02,830 --> 00:03:05,469
no idea how to record this to even
82
00:03:05,469 --> 00:03:08,564
submit feedback on how this is broken. I
83
00:03:08,564 --> 00:03:10,724
got no good ideas for you there other
84
00:03:10,724 --> 00:03:13,125
than call up your favorite engineer on the
85
00:03:13,125 --> 00:03:14,824
Teams team and show them.
86
00:03:15,925 --> 00:03:17,284
Let's get on a call. Try and do
87
00:03:17,284 --> 00:03:18,965
a call, but it's gonna be a rough
88
00:03:18,965 --> 00:03:20,485
one. Can we do it in Zoom so
89
00:03:20,485 --> 00:03:23,120
it just works and it's ready to
90
00:03:23,419 --> 00:03:26,719
go. But It's weird. I do have a
91
00:03:26,939 --> 00:03:29,180
ticket open for another Teams issue and that
92
00:03:29,180 --> 00:03:31,180
Teams freezes every time I try to switch
93
00:03:31,180 --> 00:03:31,919
audio devices.
94
00:03:32,300 --> 00:03:34,219
Could be related. End of the story, I
95
00:03:34,219 --> 00:03:36,620
just have some weird audio issues in Teams
96
00:03:36,620 --> 00:03:37,280
right now.
97
00:03:39,104 --> 00:03:41,764
Boy, we'll get it all sorted out, and
98
00:03:43,104 --> 00:03:44,324
we'll we'll figure it out.
99
00:03:44,784 --> 00:03:46,784
Anyhoo, yeah, why why don't we get going
100
00:03:46,784 --> 00:03:48,705
with our day today? Where should we go?
101
00:03:48,705 --> 00:03:51,205
To security and beyond with tools.
102
00:03:51,905 --> 00:03:52,805
We can go
103
00:03:53,569 --> 00:03:56,629
wherever you would like to go. Easy enough.
104
00:03:56,930 --> 00:03:59,810
Alright. So we've been talking about security. We'll
105
00:03:59,810 --> 00:04:01,810
stick with our plans, Scott. We have an
106
00:04:01,810 --> 00:04:04,209
agenda as long as my audio holds out
107
00:04:04,209 --> 00:04:04,870
for you.
108
00:04:05,489 --> 00:04:06,789
Our agenda is
109
00:04:07,344 --> 00:04:09,844
security tools because we have been talking about
110
00:04:10,064 --> 00:04:11,205
security in various
111
00:04:11,824 --> 00:04:12,324
forms,
112
00:04:12,705 --> 00:04:13,205
fashion,
113
00:04:13,584 --> 00:04:14,084
Azure,
114
00:04:14,465 --> 00:04:14,965
Microsoft
115
00:04:15,264 --> 00:04:15,764
365,
116
00:04:17,024 --> 00:04:17,524
Sentinel,
117
00:04:18,305 --> 00:04:18,805
reports,
118
00:04:19,345 --> 00:04:20,165
log analytics,
119
00:04:21,024 --> 00:04:23,729
all of those things. And truth be told,
120
00:04:23,729 --> 00:04:26,229
we started down this path because
121
00:04:26,529 --> 00:04:28,069
we had some questions
122
00:04:28,529 --> 00:04:30,289
from I don't know if it came from
123
00:04:30,289 --> 00:04:31,970
listeners, if it came from Discord, if it
124
00:04:31,970 --> 00:04:34,129
came from a combination of the 2, really
125
00:04:34,129 --> 00:04:36,209
about some of the third party tools that
126
00:04:36,209 --> 00:04:36,709
have
127
00:04:37,250 --> 00:04:37,750
arisen
128
00:04:38,474 --> 00:04:39,134
lately around
129
00:04:40,634 --> 00:04:42,235
I would say a lot of it's security
130
00:04:42,235 --> 00:04:42,735
testing
131
00:04:43,274 --> 00:04:44,254
and hardening,
132
00:04:44,794 --> 00:04:45,294
reporting,
133
00:04:45,834 --> 00:04:49,375
all of that against Microsoft Cloud Environments, and
134
00:04:49,514 --> 00:04:51,034
that led us down like a 4 week
135
00:04:51,034 --> 00:04:53,399
rabbit hole of just built in security. And
136
00:04:53,399 --> 00:04:55,500
we have finally arrived
137
00:04:55,879 --> 00:04:57,819
at a discussion around security tools.
138
00:04:59,080 --> 00:05:01,319
Here we are. We've made it. Which one
139
00:05:01,319 --> 00:05:03,240
would you like to start with? Would you
140
00:05:03,240 --> 00:05:05,175
like to take a pick? Take your pick.
141
00:05:05,334 --> 00:05:08,394
I think there's a bunch of different things
142
00:05:08,534 --> 00:05:10,634
out there that we could potentially
143
00:05:11,095 --> 00:05:12,555
talk about and
144
00:05:13,014 --> 00:05:14,634
take a look at. So when you're thinking
145
00:05:14,694 --> 00:05:16,794
maybe in context of
146
00:05:17,175 --> 00:05:19,129
what are the tools that can help me
147
00:05:19,129 --> 00:05:20,889
do my job, there's certainly things like, we
148
00:05:20,889 --> 00:05:24,170
talked about Sentinel last week, which arguably is
149
00:05:24,170 --> 00:05:26,430
both like a tool and a security service.
150
00:05:26,810 --> 00:05:28,569
You got that whole cloud based SIEM thing
151
00:05:28,569 --> 00:05:31,134
going on. Really, what we're talking about today
152
00:05:31,134 --> 00:05:33,615
is, like, tools that you can install on
153
00:05:33,615 --> 00:05:35,294
your client, and you can run them, and
154
00:05:35,294 --> 00:05:37,235
you can potentially manipulate them
155
00:05:38,254 --> 00:05:39,474
and and move them forward.
156
00:05:40,254 --> 00:05:42,894
That might be something like if anybody's ever
157
00:05:42,894 --> 00:05:44,435
heard of Bloodhound.
158
00:05:45,829 --> 00:05:48,470
There's things like Scuba, the secure cloud business
159
00:05:48,470 --> 00:05:48,970
application
160
00:05:50,310 --> 00:05:50,810
stuff.
161
00:05:51,189 --> 00:05:52,970
And there's also one from
162
00:05:53,589 --> 00:05:57,509
our buddy, Merrill, over on the Azure Cat
163
00:05:57,509 --> 00:05:58,009
team
164
00:05:58,415 --> 00:06:01,615
and the Entra I guess it's EntraID cat
165
00:06:01,615 --> 00:06:02,435
or EntraCat?
166
00:06:02,735 --> 00:06:05,295
Isn't it Microsoft Entra? Aren't we supposed to
167
00:06:05,295 --> 00:06:06,834
always preface it with Microsoft?
168
00:06:07,295 --> 00:06:09,295
I don't know. I can't keep up with
169
00:06:09,295 --> 00:06:10,975
these things. That CAT team. You keep me
170
00:06:10,975 --> 00:06:13,879
honest, Rory. That that that CAT team. So,
171
00:06:14,100 --> 00:06:15,860
Merrill has been busy on the side. He
172
00:06:15,939 --> 00:06:16,980
I think when we had him on the
173
00:06:16,980 --> 00:06:17,480
show
174
00:06:17,860 --> 00:06:19,379
a while back, he talked about a bunch
175
00:06:19,379 --> 00:06:21,060
of the tools he built, and this is
176
00:06:21,060 --> 00:06:23,460
another new tool that he built, which is
177
00:06:23,460 --> 00:06:24,680
called Meister.
178
00:06:25,060 --> 00:06:26,680
So why don't we
179
00:06:27,144 --> 00:06:27,644
start
180
00:06:28,185 --> 00:06:30,204
with Meister as our first
181
00:06:30,664 --> 00:06:32,985
command line, hey, you can pick this up
182
00:06:32,985 --> 00:06:34,824
and run with it kinda tool. There we
183
00:06:34,824 --> 00:06:36,664
go. I think I had an audio glitch,
184
00:06:36,664 --> 00:06:38,284
Scott, because I had to go do something.
185
00:06:39,224 --> 00:06:42,204
Yes. This is out there on GitHub.
186
00:06:42,689 --> 00:06:46,290
And if you're in Discord watching this, we
187
00:06:46,290 --> 00:06:47,970
can have some of it on the screen
188
00:06:47,970 --> 00:06:50,710
too, but we will place the show notes
189
00:06:50,770 --> 00:06:52,629
or place the link
190
00:06:52,930 --> 00:06:55,970
for Maestro in the show notes. This is
191
00:06:55,970 --> 00:06:57,350
a open source project.
192
00:06:57,675 --> 00:06:58,495
It's meister.devin.
193
00:06:59,115 --> 00:07:00,254
It's m a
194
00:07:00,714 --> 00:07:01,534
e s t
195
00:07:01,995 --> 00:07:03,694
e r is, like, the
196
00:07:04,474 --> 00:07:06,954
home page for it, and they have a
197
00:07:06,954 --> 00:07:09,754
lot of instructions, guidance here on how to
198
00:07:09,754 --> 00:07:11,639
get started. So I actually
199
00:07:12,099 --> 00:07:12,599
was
200
00:07:12,979 --> 00:07:16,360
testing this out and using it for
201
00:07:16,819 --> 00:07:19,779
a client today and went through, like, the
202
00:07:19,779 --> 00:07:21,879
whole process of setting it up and doing
203
00:07:22,099 --> 00:07:24,904
an initial run of it in 15 or
204
00:07:24,904 --> 00:07:27,324
20 minutes. So it uses
205
00:07:28,024 --> 00:07:30,024
Pester to do a bunch of tests. So
206
00:07:30,024 --> 00:07:31,704
if you go to the website and go
207
00:07:31,704 --> 00:07:33,324
to the docs and
208
00:07:33,944 --> 00:07:36,204
go to the installation guide,
209
00:07:36,664 --> 00:07:37,724
you install
210
00:07:38,264 --> 00:07:40,579
the Pester module in PowerShell,
211
00:07:41,279 --> 00:07:44,959
and then you install the Meister module. So
212
00:07:44,959 --> 00:07:47,680
this is out in the public PowerShell gallery,
213
00:07:47,680 --> 00:07:49,600
so you can do install module for both
214
00:07:49,600 --> 00:07:53,199
Pester and for Meister. You go create a
215
00:07:53,199 --> 00:07:55,664
directory to run your tests in, and then
216
00:07:55,664 --> 00:07:57,125
you do an install
217
00:07:57,504 --> 00:08:00,245
Meister tests that goes and
218
00:08:00,704 --> 00:08:01,444
pulls certain
219
00:08:01,985 --> 00:08:04,404
modules, certain content down into
220
00:08:04,865 --> 00:08:05,524
that directory.
221
00:08:06,064 --> 00:08:07,664
And then they even have all the connections
222
00:08:07,664 --> 00:08:09,569
in there. So you can go do connect
223
00:08:09,649 --> 00:08:12,210
to Meister, and it'll go connect to your
224
00:08:12,210 --> 00:08:12,710
environment,
225
00:08:13,250 --> 00:08:15,810
may prompt you for some permissions from app
226
00:08:15,970 --> 00:08:18,370
some app permissions. So I will say the
227
00:08:18,370 --> 00:08:20,529
15 to 20 minutes is, like, assuming you're
228
00:08:20,529 --> 00:08:23,235
a global admin, and you can just click
229
00:08:23,235 --> 00:08:25,535
to approve Next, your way through
230
00:08:25,835 --> 00:08:27,915
it. Next your way through, and then do
231
00:08:27,915 --> 00:08:28,975
an invoke Meister.
232
00:08:29,275 --> 00:08:30,714
And then it actually just goes and runs
233
00:08:30,714 --> 00:08:31,535
all the tests.
234
00:08:31,835 --> 00:08:33,835
They also have some optional stuff, so it
235
00:08:33,835 --> 00:08:34,975
includes some optional,
236
00:08:35,595 --> 00:08:36,570
CISA tests,
237
00:08:37,129 --> 00:08:37,629
and
238
00:08:38,090 --> 00:08:41,129
those are skipped if the connections and modules
239
00:08:41,129 --> 00:08:42,889
aren't there. So if you wanna get, like,
240
00:08:42,889 --> 00:08:43,710
the whole
241
00:08:44,730 --> 00:08:45,789
gamut of tests,
242
00:08:46,090 --> 00:08:49,389
you should also go install the AZ module.
243
00:08:49,985 --> 00:08:51,925
And I saw some stuff on here. Realistically,
244
00:08:52,065 --> 00:08:54,325
you don't need all of the AZ module,
245
00:08:54,465 --> 00:08:56,625
but it isn't defined in here what it
246
00:08:56,625 --> 00:08:58,305
needs. Some people are like, can we limit
247
00:08:58,305 --> 00:09:00,384
this so it doesn't take 10 minutes to
248
00:09:00,384 --> 00:09:00,884
install
249
00:09:01,425 --> 00:09:03,105
all of the modules that are part of
250
00:09:03,105 --> 00:09:04,785
AZ and limit it just to what we
251
00:09:04,785 --> 00:09:07,049
need? Probably go figure it out. And then
252
00:09:07,049 --> 00:09:08,750
the Exchange Online Management
253
00:09:09,129 --> 00:09:10,429
module because
254
00:09:11,610 --> 00:09:14,089
Exchange Online is where all the security and
255
00:09:14,089 --> 00:09:14,589
compliance
256
00:09:14,889 --> 00:09:18,409
PowerShell things are, which, again, fascinates me. That's
257
00:09:18,409 --> 00:09:20,804
still all bundled in the Exchange module and
258
00:09:20,804 --> 00:09:23,044
the connection to Exchange Online. But if you
259
00:09:23,044 --> 00:09:23,945
install those,
260
00:09:24,644 --> 00:09:25,865
you'll get some additional
261
00:09:26,644 --> 00:09:30,585
tests that require those additional permissions, those additional
262
00:09:30,644 --> 00:09:31,144
connections
263
00:09:31,764 --> 00:09:34,184
to the cloud. But then you just go
264
00:09:34,709 --> 00:09:37,350
connect to all of those. There's a I
265
00:09:37,350 --> 00:09:38,789
would say there's a couple different ones. There's
266
00:09:38,789 --> 00:09:41,509
a connect dash meister that just does, like,
267
00:09:41,589 --> 00:09:45,029
m 365 connection. If you install Exchange AZ,
268
00:09:45,029 --> 00:09:47,909
you can do a connect meister dash service
269
00:09:47,909 --> 00:09:50,065
all, and it goes and connects
270
00:09:50,684 --> 00:09:52,764
everything. Sorry. My wife just waved at me,
271
00:09:52,764 --> 00:09:54,284
and I don't know where she's going. She's
272
00:09:54,284 --> 00:09:54,784
leaving.
273
00:09:55,324 --> 00:09:56,924
I can't remember if she has Squirrel. Oh,
274
00:09:56,924 --> 00:09:59,245
I know where she's going. Okay. Yes. Absolutely,
275
00:09:59,245 --> 00:10:01,740
squirrel. Anyways, once you connect and invoke it,
276
00:10:01,899 --> 00:10:04,480
it goes and actually just uses PowerShell.
277
00:10:04,860 --> 00:10:06,080
And this is where
278
00:10:06,459 --> 00:10:07,820
we can get into this a little more
279
00:10:07,820 --> 00:10:09,740
scattered about customizing it, but it runs all
280
00:10:09,740 --> 00:10:10,959
those built in tests,
281
00:10:11,659 --> 00:10:14,720
against Exchange, against Azure, security compliance,
282
00:10:15,565 --> 00:10:18,365
spits them all out into that folder you
283
00:10:18,365 --> 00:10:20,445
created. So I should go look at in
284
00:10:20,445 --> 00:10:23,024
that folder that it creates,
285
00:10:23,884 --> 00:10:25,424
it creates like some HTML
286
00:10:25,884 --> 00:10:26,384
files,
287
00:10:27,339 --> 00:10:28,080
it creates
288
00:10:28,700 --> 00:10:31,980
JSON files, it creates some markdown files, but
289
00:10:31,980 --> 00:10:34,399
all of those spit out a really nice
290
00:10:34,539 --> 00:10:37,500
HTML file that gives you a summary of
291
00:10:37,500 --> 00:10:40,379
everything. So for instance, the environment I ran
292
00:10:40,379 --> 00:10:42,214
this against, it ran a 145
293
00:10:42,754 --> 00:10:44,914
different tests. It gives me a dashboard that
294
00:10:44,914 --> 00:10:47,894
says it passed 63 of them. It failed
295
00:10:47,954 --> 00:10:50,274
63 of them, and then there were 19
296
00:10:50,274 --> 00:10:52,274
of them that were not tested. I did
297
00:10:52,274 --> 00:10:55,070
have some issues connecting to Azure in this
298
00:10:55,070 --> 00:10:56,990
particular tenant, which might be some of the
299
00:10:56,990 --> 00:10:59,250
ones not tested. And then if you
300
00:10:59,870 --> 00:11:01,470
it gives you a couple of graphs that
301
00:11:01,470 --> 00:11:05,009
shows categories too around, like, at management policies,
302
00:11:05,870 --> 00:11:06,930
default settings,
303
00:11:07,389 --> 00:11:09,090
consent policy settings,
304
00:11:09,545 --> 00:11:11,945
and then it gives you a list of
305
00:11:11,945 --> 00:11:13,325
all of the different tests
306
00:11:14,264 --> 00:11:18,125
and even what policies against security frameworks
307
00:11:18,504 --> 00:11:20,445
these align with and
308
00:11:21,144 --> 00:11:23,149
if you passed it and you failed it.
309
00:11:23,209 --> 00:11:25,789
So this one, the first one was authentication
310
00:11:25,850 --> 00:11:28,750
math method, FIDO 2 security key state,
311
00:11:29,289 --> 00:11:32,009
and that one was passed. Something else further
312
00:11:32,009 --> 00:11:34,089
down was a FIDO 2 security key and
313
00:11:34,089 --> 00:11:35,070
force key restrictions.
314
00:11:35,404 --> 00:11:37,325
They don't have key restrictions enforced, so that
315
00:11:37,325 --> 00:11:39,245
one was failed. And it'll go through and
316
00:11:39,245 --> 00:11:42,945
look at Microsoft Authenticator settings, MFA settings,
317
00:11:43,644 --> 00:11:44,144
authentication
318
00:11:44,524 --> 00:11:46,544
methods that are enabled and disabled,
319
00:11:47,245 --> 00:11:48,144
admin consent,
320
00:11:48,684 --> 00:11:49,504
app requests,
321
00:11:50,299 --> 00:11:50,799
MFA.
322
00:11:51,980 --> 00:11:53,820
Those are some of the Azure AD ones,
323
00:11:53,820 --> 00:11:56,860
Exchange. It'll look at things like DMARC and
324
00:11:56,860 --> 00:11:59,200
DKIM, SPF on your domains,
325
00:11:59,820 --> 00:12:00,959
external warner
326
00:12:01,419 --> 00:12:04,720
external sender warnings, conditional access policies.
327
00:12:05,445 --> 00:12:06,725
All of those are some of the different
328
00:12:06,725 --> 00:12:09,285
tests that runs. The nice thing is next
329
00:12:09,285 --> 00:12:11,205
to each one by a pass or fail.
330
00:12:11,205 --> 00:12:13,285
It gives you a little view details where
331
00:12:13,285 --> 00:12:15,865
you can click in, and it'll tell you
332
00:12:16,245 --> 00:12:19,044
this one. Activation of global administrator role shall
333
00:12:19,044 --> 00:12:22,259
require approval. Your tenant has active assignments without
334
00:12:22,259 --> 00:12:23,059
a start date.
335
00:12:23,699 --> 00:12:25,940
So this one, there's some global admins that
336
00:12:25,940 --> 00:12:28,259
aren't pinned, they don't have an active start
337
00:12:28,259 --> 00:12:30,679
date, and it gives an explanation.
338
00:12:31,220 --> 00:12:32,679
Then it also gives
339
00:12:32,985 --> 00:12:35,945
remediation actions. So if you wanna go fix
340
00:12:35,945 --> 00:12:39,144
this, here's this one has 9 steps to
341
00:12:39,144 --> 00:12:40,664
go in and fix it, and then it
342
00:12:40,664 --> 00:12:43,784
also gives you related links to Microsoft learn
343
00:12:43,784 --> 00:12:44,284
document
344
00:12:44,664 --> 00:12:46,424
nope. This one goes to the enter admin
345
00:12:46,424 --> 00:12:48,419
center, then it gives you links
346
00:12:49,379 --> 00:12:50,039
to the,
347
00:12:50,820 --> 00:12:52,659
CISA I don't know. What is that? The
348
00:12:52,659 --> 00:12:56,259
number, the virtual number, the article number. This
349
00:12:56,259 --> 00:12:57,000
is 7.6,
350
00:12:57,459 --> 00:13:00,579
highly privileged user access. A link out to
351
00:13:00,579 --> 00:13:01,799
the CISA gov
352
00:13:02,634 --> 00:13:04,654
documentation around this and then
353
00:13:05,034 --> 00:13:06,875
some additional reference links as well. So it
354
00:13:06,875 --> 00:13:08,634
gives you a lot of information, not just
355
00:13:08,634 --> 00:13:10,554
about what you passed and failed, but how
356
00:13:10,554 --> 00:13:13,534
to remediate it and why and where
357
00:13:14,075 --> 00:13:14,975
this particular
358
00:13:15,914 --> 00:13:17,534
best practice or security
359
00:13:18,299 --> 00:13:19,360
guidance comes from.
360
00:13:19,820 --> 00:13:21,500
Yeah. So this is a really cool tool,
361
00:13:21,500 --> 00:13:23,899
and there's a lot of moving pieces, but
362
00:13:23,899 --> 00:13:27,019
all the, like, work has been done for
363
00:13:27,019 --> 00:13:27,919
you by
364
00:13:28,620 --> 00:13:30,620
Merrill and the others who have contributed to
365
00:13:30,620 --> 00:13:32,445
this project alongside them.
366
00:13:33,404 --> 00:13:34,065
You mentioned
367
00:13:34,445 --> 00:13:34,945
that
368
00:13:35,485 --> 00:13:38,865
Pester is a required dependency for this. So
369
00:13:38,924 --> 00:13:39,424
Pester,
370
00:13:39,725 --> 00:13:42,544
for those that haven't run into it, is
371
00:13:43,004 --> 00:13:43,504
a
372
00:13:44,365 --> 00:13:46,205
a I've traditionally used it as like a
373
00:13:46,205 --> 00:13:48,065
unit testing framework for PowerShell,
374
00:13:48,740 --> 00:13:51,860
but it's really like a mocking framework. So
375
00:13:51,860 --> 00:13:54,500
you can go do and potentially write unit
376
00:13:54,500 --> 00:13:55,240
tests for
377
00:13:55,620 --> 00:13:57,159
hey. I have a functions
378
00:13:57,620 --> 00:13:58,120
that
379
00:13:58,659 --> 00:14:00,019
I I don't know. I I wrote a
380
00:14:00,019 --> 00:14:02,579
function that returns the list of 50 US
381
00:14:02,579 --> 00:14:05,174
states, and you wanna make sure that function
382
00:14:05,174 --> 00:14:08,235
actually returns 50 states and not 49,
383
00:14:08,615 --> 00:14:11,575
not 51, not 52, things like that. So
384
00:14:11,575 --> 00:14:13,835
you could write a pester test against
385
00:14:14,375 --> 00:14:16,075
that given function,
386
00:14:16,529 --> 00:14:18,529
and it would tell you basically, hey, does
387
00:14:18,529 --> 00:14:20,209
this thing pass, fail, and what's going on
388
00:14:20,209 --> 00:14:23,329
there? So they're doing a very similar thing.
389
00:14:23,329 --> 00:14:25,669
They've just taken that unit testing mentality
390
00:14:26,529 --> 00:14:27,029
and
391
00:14:27,409 --> 00:14:29,509
applied it to the logic
392
00:14:29,970 --> 00:14:30,470
and
393
00:14:30,914 --> 00:14:34,054
known set of rules for valid or
394
00:14:34,754 --> 00:14:35,815
preferred configuration
395
00:14:36,195 --> 00:14:39,095
for all these items and things like M365
396
00:14:39,714 --> 00:14:41,495
services, like entry ID
397
00:14:42,034 --> 00:14:43,575
or for exchange.
398
00:14:44,350 --> 00:14:46,269
You could extend this out and write your
399
00:14:46,269 --> 00:14:47,330
own tests for,
400
00:14:48,509 --> 00:14:50,529
really, anything that could be managed in PowerShell
401
00:14:50,590 --> 00:14:52,429
or talk to over a REST API because
402
00:14:52,429 --> 00:14:54,110
you can always just do, like, an invoke
403
00:14:54,110 --> 00:14:54,850
web request
404
00:14:55,309 --> 00:14:58,110
on the PowerShell side of things and spin
405
00:14:58,110 --> 00:14:58,769
it up.
406
00:14:59,154 --> 00:15:02,434
So there's this deep set of tests that
407
00:15:02,434 --> 00:15:04,695
you've described, and they're all documented
408
00:15:05,235 --> 00:15:06,934
on the meister.dev
409
00:15:07,794 --> 00:15:10,115
site. So there's a section down at the
410
00:15:10,115 --> 00:15:11,990
very bottom of the docs for test overview,
411
00:15:12,450 --> 00:15:14,129
and you can go in there and actually
412
00:15:14,129 --> 00:15:16,690
look at the individual tests that are run
413
00:15:16,690 --> 00:15:20,230
across these various dimensions for basically, like, Meister
414
00:15:20,290 --> 00:15:23,590
based tests, the CISA tests, anything that coming
415
00:15:24,134 --> 00:15:25,975
is potentially coming out of scuba, things like
416
00:15:25,975 --> 00:15:28,295
that. And you can either run these tests
417
00:15:28,295 --> 00:15:30,695
as is, or you can take them and
418
00:15:30,695 --> 00:15:32,934
you can edit them because these are all
419
00:15:32,934 --> 00:15:35,835
just pester tests that are authored in PowerShell.
420
00:15:36,215 --> 00:15:38,490
So once you wrap your head around the
421
00:15:38,490 --> 00:15:38,990
way
422
00:15:40,009 --> 00:15:41,549
that pester tests are
423
00:15:42,250 --> 00:15:42,750
composed
424
00:15:43,129 --> 00:15:45,450
and how you describe a test and how
425
00:15:45,450 --> 00:15:46,350
you put it together,
426
00:15:46,809 --> 00:15:48,970
and a test can be a a bunch
427
00:15:48,970 --> 00:15:51,210
of different things in pester. It could be
428
00:15:51,210 --> 00:15:51,710
like,
429
00:15:52,074 --> 00:15:52,574
hey,
430
00:15:53,514 --> 00:15:54,735
the mock out of something.
431
00:15:55,195 --> 00:15:57,534
They can do you can do what if
432
00:15:57,834 --> 00:15:59,054
types of things happen.
433
00:15:59,434 --> 00:16:03,134
You can do things like, hey, should this
434
00:16:03,195 --> 00:16:04,254
be this way?
435
00:16:04,580 --> 00:16:06,200
So it has all these kind of descriptive
436
00:16:06,259 --> 00:16:08,840
words that you can write tests in context
437
00:16:09,460 --> 00:16:10,899
of that and and then go ahead and
438
00:16:10,899 --> 00:16:13,059
run them. And then the really cool thing
439
00:16:13,059 --> 00:16:14,820
is so this is all built for you.
440
00:16:14,820 --> 00:16:16,500
This is ready to go and you'd potentially
441
00:16:16,500 --> 00:16:17,320
have to rationalize,
442
00:16:17,779 --> 00:16:19,299
okay, what are the set of tests that
443
00:16:19,299 --> 00:16:21,995
I wanna run and things like that. So
444
00:16:22,054 --> 00:16:24,855
you just mentioned the outputs that come out
445
00:16:24,855 --> 00:16:25,514
of this,
446
00:16:25,815 --> 00:16:27,355
where we have things
447
00:16:27,735 --> 00:16:28,235
like
448
00:16:28,774 --> 00:16:31,654
that markdown file, that HTML file, so all
449
00:16:31,654 --> 00:16:34,910
that context from running the test that then
450
00:16:34,910 --> 00:16:37,629
become makes it actionable and and shows you
451
00:16:37,629 --> 00:16:39,250
the pass fail state of those tests.
452
00:16:39,710 --> 00:16:41,809
The way this thing is set up is
453
00:16:42,029 --> 00:16:43,170
because it's just PowerShell,
454
00:16:43,870 --> 00:16:46,735
you could run it from your laptop, like,
455
00:16:46,735 --> 00:16:48,174
you can run it from your Mac, you
456
00:16:48,174 --> 00:16:49,855
can run it from a Windows box. Like,
457
00:16:49,855 --> 00:16:51,554
it's gonna be in context of,
458
00:16:51,934 --> 00:16:54,335
can you install, like, the Exchange modules if
459
00:16:54,335 --> 00:16:56,254
you wanna do, like, the connectivity with the
460
00:16:56,254 --> 00:16:58,495
testing with Exchange, things like that. Yep. But
461
00:16:58,495 --> 00:17:00,274
because it can run from anywhere,
462
00:17:01,220 --> 00:17:03,720
the other great thing that they've done is
463
00:17:04,259 --> 00:17:06,039
they've put guidance out there
464
00:17:06,419 --> 00:17:07,559
for how to
465
00:17:08,019 --> 00:17:10,900
automate running these things. So if you're gonna
466
00:17:10,900 --> 00:17:12,179
go down the path of saying, hey, let
467
00:17:12,179 --> 00:17:14,099
me run an assessment across my against my
468
00:17:14,099 --> 00:17:14,599
environment,
469
00:17:14,914 --> 00:17:16,194
One of the general things that you would
470
00:17:16,194 --> 00:17:18,855
look for is running that assessment multiple times
471
00:17:18,914 --> 00:17:21,315
and then gauging where you go. Does my
472
00:17:21,315 --> 00:17:24,994
score improve? Does my pass rate improve? Things
473
00:17:24,994 --> 00:17:26,994
like that. So you can take all this
474
00:17:26,994 --> 00:17:29,430
and you can wire it up inside of,
475
00:17:29,670 --> 00:17:30,970
say, Azure DevOps
476
00:17:31,590 --> 00:17:33,610
and an ADO pipeline.
477
00:17:34,630 --> 00:17:37,049
You can run it inside of Azure Automation
478
00:17:37,269 --> 00:17:39,830
where PowerShell can be consumed. You could run
479
00:17:39,830 --> 00:17:40,970
this thing in a container
480
00:17:41,509 --> 00:17:43,965
and just sidecar it and have a container
481
00:17:43,965 --> 00:17:46,285
that spins up, spins down on a defined
482
00:17:46,285 --> 00:17:48,845
schedule, things like that. So you can really
483
00:17:48,845 --> 00:17:51,484
take this and treat it, 1, as a
484
00:17:51,484 --> 00:17:53,325
point in time, k. Give me a snapshot
485
00:17:53,325 --> 00:17:55,565
of my state today, but then you can
486
00:17:55,565 --> 00:17:59,410
also take it and automate it and operationalize
487
00:17:59,789 --> 00:18:01,390
the whole thing end to end if you
488
00:18:01,390 --> 00:18:02,049
want to.
489
00:18:02,670 --> 00:18:03,809
And it's all very
490
00:18:04,269 --> 00:18:04,769
consumable
491
00:18:05,150 --> 00:18:07,150
as far as, like, the reports that it
492
00:18:07,150 --> 00:18:09,309
puts out, so you had that HTML view
493
00:18:09,309 --> 00:18:11,390
up earlier. Yep. It's not like going into
494
00:18:11,390 --> 00:18:13,115
the rich Power BI report with a bunch
495
00:18:13,115 --> 00:18:15,034
of slices or things like that. It's basic
496
00:18:15,034 --> 00:18:15,534
HTML,
497
00:18:16,075 --> 00:18:18,554
but you could just have that running automatically
498
00:18:18,554 --> 00:18:20,654
in the background, say, like, once a week
499
00:18:21,115 --> 00:18:24,394
or once day, whatever your flavor is, and
500
00:18:24,394 --> 00:18:25,214
you could constantly
501
00:18:25,674 --> 00:18:27,454
be checking the output of that HTML.
502
00:18:27,809 --> 00:18:29,250
You can put your manager to it or
503
00:18:29,250 --> 00:18:32,210
your manager's manager, your boss's boss, and they're
504
00:18:32,210 --> 00:18:33,490
gonna be able to figure out what's going
505
00:18:33,490 --> 00:18:36,210
on and see the big blocks for oh,
506
00:18:36,210 --> 00:18:36,950
I had
507
00:18:37,890 --> 00:18:39,269
7 passes yesterday
508
00:18:39,970 --> 00:18:41,110
and 10 failures,
509
00:18:41,615 --> 00:18:42,115
And
510
00:18:42,494 --> 00:18:44,275
today, I've got 10 passes
511
00:18:44,654 --> 00:18:47,075
and 7 failures, so we're incrementally improving.
512
00:18:47,695 --> 00:18:49,955
So I I think from that perspective,
513
00:18:50,335 --> 00:18:51,154
super powerful.
514
00:18:52,894 --> 00:18:55,455
Maryland team have done all the heavy lifting
515
00:18:55,455 --> 00:18:55,955
around
516
00:18:56,359 --> 00:18:59,100
translating best practices across these workloads
517
00:18:59,799 --> 00:19:01,580
from both the lens of Microsoft
518
00:19:01,960 --> 00:19:05,160
and from external entities like CISA. And they've
519
00:19:05,160 --> 00:19:07,000
already written all the mocks and all the
520
00:19:07,000 --> 00:19:08,680
tests out there, and then you can go
521
00:19:08,680 --> 00:19:11,204
in ahead and extend to your heart's content.
522
00:19:11,204 --> 00:19:12,744
Right? So if you don't want that
523
00:19:13,284 --> 00:19:15,605
global admin test run, great. Delete it or
524
00:19:15,605 --> 00:19:17,444
just don't run it. You want to change
525
00:19:17,444 --> 00:19:20,164
the logic of that test so that logic
526
00:19:20,164 --> 00:19:22,724
maybe ignores a couple of your break glass
527
00:19:22,724 --> 00:19:25,299
accounts or things like that, great. Go ahead
528
00:19:25,299 --> 00:19:28,180
and change it. It's just a PowerShell unit
529
00:19:28,180 --> 00:19:30,019
test written in Pester. So as long as
530
00:19:30,019 --> 00:19:32,500
you're adhering to the Pester framework, it's all
531
00:19:32,500 --> 00:19:33,320
very straightforward.
532
00:19:34,259 --> 00:19:37,134
It's super slick, super turnkey. Like, I would
533
00:19:37,134 --> 00:19:39,134
recommend, like, folks, like, even if you're just,
534
00:19:39,134 --> 00:19:41,054
like, a PowerShell geek and you've never done
535
00:19:41,054 --> 00:19:41,554
Pester,
536
00:19:42,095 --> 00:19:44,255
this is a good introduction to Pester as
537
00:19:44,255 --> 00:19:46,335
well, like, without having to go and do
538
00:19:46,335 --> 00:19:48,174
a bunch of other weird stuff on the
539
00:19:48,174 --> 00:19:48,674
side.
540
00:19:52,159 --> 00:19:54,319
Do you feel overwhelmed by trying to manage
541
00:19:54,319 --> 00:19:55,220
your Office 365
542
00:19:55,679 --> 00:19:58,720
environment? Are you facing unexpected issues that disrupt
543
00:19:58,720 --> 00:20:01,440
your company's productivity? Intelligink is here to help.
544
00:20:01,440 --> 00:20:02,960
Much like you take your car to the
545
00:20:02,960 --> 00:20:05,440
mechanic that has specialized knowledge on how to
546
00:20:05,440 --> 00:20:06,819
best keep your car running,
547
00:20:07,125 --> 00:20:09,924
Intelligent helps you with your Microsoft cloud environment,
548
00:20:09,924 --> 00:20:11,384
because that's their expertise.
549
00:20:11,765 --> 00:20:14,085
Intelligent keeps up with the latest updates in
550
00:20:14,085 --> 00:20:16,244
the Microsoft cloud to help keep your business
551
00:20:16,244 --> 00:20:18,484
running smoothly and ahead of the curve. Whether
552
00:20:18,484 --> 00:20:20,484
you are a small organization with just a
553
00:20:20,484 --> 00:20:22,910
few users up to an organization of several
554
00:20:22,910 --> 00:20:24,049
thousand employees,
555
00:20:24,349 --> 00:20:26,349
they want to partner with you to implement
556
00:20:26,349 --> 00:20:29,089
and administer your Microsoft Cloud technology.
557
00:20:29,789 --> 00:20:31,329
Visit them at inteligink.com/podcast.
558
00:20:33,549 --> 00:20:34,769
That's intell
559
00:20:37,404 --> 00:20:37,904
ing.com/podcast
560
00:20:40,684 --> 00:20:42,845
for more information or to schedule a 30
561
00:20:42,845 --> 00:20:44,865
minute call to get started with them today.
562
00:20:45,164 --> 00:20:48,525
Remember, IntelliJunk focuses on the Microsoft cloud, so
563
00:20:48,525 --> 00:20:50,305
you can focus on your business.
564
00:20:52,529 --> 00:20:54,289
So I've started doing this for a couple
565
00:20:54,289 --> 00:20:56,930
clients now of mine, and that's where I've
566
00:20:56,930 --> 00:20:59,569
started even diving into this more as they're
567
00:20:59,569 --> 00:21:02,130
like, hey, Ben. We wanna do, like, weekly
568
00:21:02,130 --> 00:21:04,295
check ins with you, where you go set
569
00:21:04,295 --> 00:21:06,134
this up, you run it, you review the
570
00:21:06,134 --> 00:21:08,234
reports, we meet, we discuss
571
00:21:09,095 --> 00:21:11,575
what failed, what passed, do we wanna do
572
00:21:11,575 --> 00:21:13,255
anything about it, do we want not wanna
573
00:21:13,255 --> 00:21:15,630
do anything about it. And I had a
574
00:21:15,710 --> 00:21:17,549
call with one of my clients today about
575
00:21:17,549 --> 00:21:19,789
it where we looked at this and it's
576
00:21:19,789 --> 00:21:21,549
absolutely our plan is to go in. We're
577
00:21:21,549 --> 00:21:24,210
gonna set this up maybe in Azure Automation,
578
00:21:24,269 --> 00:21:25,410
maybe Azure DevOps.
579
00:21:25,869 --> 00:21:28,430
So this is running on a regular, probably
580
00:21:28,430 --> 00:21:30,612
weekly basis, and there were some of these.
581
00:21:30,612 --> 00:21:33,524
We're like, like, giving your scenario, how your
582
00:21:33,524 --> 00:21:36,565
company works, it's showing failed, but we don't
583
00:21:36,565 --> 00:21:37,065
necessarily
584
00:21:37,365 --> 00:21:39,125
want this one to be failed because you
585
00:21:39,125 --> 00:21:41,444
have a valid reason for it to be
586
00:21:41,444 --> 00:21:43,230
set the way it is. In some of
587
00:21:43,230 --> 00:21:45,650
them, we actually found where they were,
588
00:21:46,269 --> 00:21:47,569
I would say the recommendation
589
00:21:48,029 --> 00:21:49,630
is actually to be a little bit more
590
00:21:49,630 --> 00:21:51,390
open than what they were. There are certain
591
00:21:51,390 --> 00:21:53,710
things that they actually just locked completely down.
592
00:21:53,710 --> 00:21:54,884
They turned it off,
593
00:21:55,765 --> 00:21:57,845
and the best practice is to not actually
594
00:21:57,845 --> 00:21:58,964
have it off, but to have it where,
595
00:21:58,964 --> 00:22:01,204
like, users could request access or it goes
596
00:22:01,204 --> 00:22:02,005
through a workflow that's
597
00:22:02,644 --> 00:22:05,365
technically, we passed it because users, they don't
598
00:22:05,365 --> 00:22:07,605
even have to go through a request because
599
00:22:07,605 --> 00:22:09,900
it's just completely turned off. But going in
600
00:22:09,900 --> 00:22:12,140
and starting to customize this, tweak it, and
601
00:22:12,140 --> 00:22:14,940
building from that a list of here's what
602
00:22:14,940 --> 00:22:16,799
we should do in your environment to
603
00:22:17,100 --> 00:22:18,320
adhere to best practices,
604
00:22:18,779 --> 00:22:20,940
to make sure it's secure. And like you
605
00:22:20,940 --> 00:22:22,220
said, you can do it they have guides
606
00:22:22,220 --> 00:22:24,434
in here, fresh automation, DevOps, and then they
607
00:22:24,434 --> 00:22:27,255
even have one in here for email alerts.
608
00:22:27,315 --> 00:22:29,474
So if you want to email this report
609
00:22:29,474 --> 00:22:30,214
out regularly,
610
00:22:30,835 --> 00:22:32,755
they have Slack alerts. Apparently, we can do
611
00:22:32,755 --> 00:22:34,595
email alerts in Slack alerts, but we can't
612
00:22:34,595 --> 00:22:36,990
do Teams alerts. Maybe that goes back to
613
00:22:36,990 --> 00:22:39,789
our conversation earlier and yeah. We should just
614
00:22:39,789 --> 00:22:42,109
have easy webhooks and we don't. Yep. I'm
615
00:22:42,109 --> 00:22:44,289
saying, yeah. But then even some custom tests.
616
00:22:44,509 --> 00:22:45,170
You could.
617
00:22:45,549 --> 00:22:46,849
Like, you can
618
00:22:47,390 --> 00:22:49,265
at the end of the day, like, this
619
00:22:49,265 --> 00:22:51,825
is a framework that's been prebuilt for you.
620
00:22:51,825 --> 00:22:53,664
They said you just go download it, leverage
621
00:22:53,664 --> 00:22:56,065
it. But then, yeah, because it's all just
622
00:22:56,065 --> 00:22:56,964
a bunch of PowerShell
623
00:22:57,424 --> 00:22:59,825
files. Right? It's just text files. Like, you
624
00:22:59,825 --> 00:23:02,349
can go see it all, you can manipulate
625
00:23:02,349 --> 00:23:06,029
it, and you can turn it into your
626
00:23:06,029 --> 00:23:06,769
own needs.
627
00:23:07,070 --> 00:23:09,730
So where this thing potentially focuses
628
00:23:10,670 --> 00:23:11,170
on,
629
00:23:11,789 --> 00:23:13,730
like, that that Microsoft 365
630
00:23:14,029 --> 00:23:15,549
stack and the things that are going on
631
00:23:15,549 --> 00:23:17,914
there, I think this also fits very nicely
632
00:23:17,914 --> 00:23:19,914
into the world of Azure where maybe you
633
00:23:19,914 --> 00:23:21,914
wanna extend it and you wanna write some
634
00:23:21,914 --> 00:23:23,055
unit tests around
635
00:23:23,515 --> 00:23:24,015
configuration
636
00:23:24,795 --> 00:23:28,075
of your management groups and application of policy
637
00:23:28,075 --> 00:23:30,494
within those management groups. You want to
638
00:23:31,170 --> 00:23:34,710
create something about, like, resource governance, an application
639
00:23:35,009 --> 00:23:35,509
of
640
00:23:36,610 --> 00:23:38,130
the right roles or a known set of
641
00:23:38,130 --> 00:23:40,450
roles in identity and access management. You want
642
00:23:40,450 --> 00:23:42,130
to do, like, a policy test kind of
643
00:23:42,130 --> 00:23:42,630
thing.
644
00:23:43,009 --> 00:23:45,809
It's all there. It's just sitting there waiting
645
00:23:45,809 --> 00:23:47,545
for you to pick it up. And like
646
00:23:47,545 --> 00:23:48,984
I said, as long as you can write
647
00:23:48,984 --> 00:23:52,525
a PowerShell script, you're off to the races.
648
00:23:52,585 --> 00:23:54,205
Yep. Super cool, super
649
00:23:54,585 --> 00:23:57,065
powerful stuff. I've played with Pester in the
650
00:23:57,065 --> 00:23:59,005
past, and I've used it here and there.
651
00:23:59,144 --> 00:24:00,664
I never would have thought to use it
652
00:24:00,664 --> 00:24:01,884
for something like this.
653
00:24:02,265 --> 00:24:04,400
And it's just it makes perfect sense once
654
00:24:04,400 --> 00:24:05,759
you think about it. Oh, yeah. This is
655
00:24:05,759 --> 00:24:07,680
a natural fit. I never would have thought
656
00:24:07,680 --> 00:24:09,279
about it myself, and it's super cool that
657
00:24:09,279 --> 00:24:11,359
Merrill and team did the work to bring
658
00:24:11,359 --> 00:24:12,799
this out into the world. So when you
659
00:24:12,799 --> 00:24:14,720
wanna go help me write some custom tests,
660
00:24:14,720 --> 00:24:16,335
Scott, I already have a list started of
661
00:24:16,335 --> 00:24:18,355
custom tests I wanna write for
662
00:24:18,894 --> 00:24:20,575
my client or like you said, for Azure,
663
00:24:20,575 --> 00:24:22,414
it would be super cool to start writing
664
00:24:22,414 --> 00:24:25,075
some extending this to some of those tests.
665
00:24:25,134 --> 00:24:26,434
It's super
666
00:24:26,894 --> 00:24:27,875
quick to
667
00:24:28,255 --> 00:24:28,950
pick up.
668
00:24:30,149 --> 00:24:32,149
Again, these are all just pesters. So as
669
00:24:32,149 --> 00:24:33,829
long as you understand, like, the keywords for
670
00:24:33,829 --> 00:24:34,329
pester,
671
00:24:35,029 --> 00:24:37,269
you're not writing maybe, like, a function in
672
00:24:37,269 --> 00:24:38,889
PowerShell, but you'll do
673
00:24:39,269 --> 00:24:42,730
you'll describe an action and describe a context
674
00:24:42,789 --> 00:24:43,609
kinda thing.
675
00:24:44,005 --> 00:24:45,765
You can do that. And then they've structured
676
00:24:45,765 --> 00:24:46,984
it in a way where,
677
00:24:47,684 --> 00:24:50,105
they follow pester best practices
678
00:24:50,484 --> 00:24:53,065
where so every pester test
679
00:24:53,365 --> 00:24:55,525
ends with a suffix, like it's just a
680
00:24:55,525 --> 00:24:57,544
PowerShell file like a PS one script,
681
00:24:58,005 --> 00:24:58,825
but it's always
682
00:24:59,149 --> 00:25:01,009
something dot tests dotpsone.
683
00:25:01,869 --> 00:25:04,829
So when you install Meister, there's going to
684
00:25:04,829 --> 00:25:05,329
be,
685
00:25:06,990 --> 00:25:09,630
a folder there for your custom tests. You
686
00:25:09,630 --> 00:25:12,369
can just dump those PowerShell scripts in there,
687
00:25:12,654 --> 00:25:14,115
And as long as they follow
688
00:25:14,654 --> 00:25:15,154
the
689
00:25:16,174 --> 00:25:18,115
the syntax and and what Pester,
690
00:25:18,734 --> 00:25:21,055
expects, right, like that like dot test dot
691
00:25:21,055 --> 00:25:22,115
psone suffix,
692
00:25:22,654 --> 00:25:24,335
those will go ahead and run on your
693
00:25:24,335 --> 00:25:25,474
next run automatically.
694
00:25:25,855 --> 00:25:28,160
Yeah. Even looking to your point about it
695
00:25:28,160 --> 00:25:30,960
being super simple, looking at their guide on
696
00:25:30,960 --> 00:25:33,119
how to write custom tests, the fact that
697
00:25:33,119 --> 00:25:33,859
the documentation
698
00:25:34,160 --> 00:25:36,400
can be this short for adding a custom
699
00:25:36,400 --> 00:25:37,380
test to a file,
700
00:25:37,839 --> 00:25:39,599
I get based on what you're testing for,
701
00:25:39,599 --> 00:25:41,200
you may have to write more PowerShell, but
702
00:25:41,200 --> 00:25:43,494
this is super straight forward to go in
703
00:25:43,494 --> 00:25:45,255
and start implementing your own stuff. The other
704
00:25:45,255 --> 00:25:48,315
thing that's is super cool in here is
705
00:25:48,375 --> 00:25:50,714
there's a bunch of conditional access,
706
00:25:51,095 --> 00:25:53,494
what off What if. What if tests. I
707
00:25:53,494 --> 00:25:55,275
don't know if you had a chance to
708
00:25:55,575 --> 00:25:57,434
look at any of these
709
00:25:58,710 --> 00:26:01,029
and how they compose together, but you can
710
00:26:01,029 --> 00:26:02,250
do things like
711
00:26:02,789 --> 00:26:05,130
do, like, conditional what if statements against
712
00:26:06,230 --> 00:26:09,849
would this user ID be impacted by a
713
00:26:09,910 --> 00:26:11,930
given policy that you've implemented
714
00:26:12,914 --> 00:26:15,955
or things like that. It's, again, just super
715
00:26:15,955 --> 00:26:16,455
turnkey
716
00:26:16,994 --> 00:26:19,394
and super powerful at the same time. Like,
717
00:26:19,394 --> 00:26:21,075
I I I love stuff like this, and
718
00:26:21,075 --> 00:26:23,475
it's all open source, like, it's free. I
719
00:26:23,475 --> 00:26:25,394
I I love that you're picking it up
720
00:26:25,394 --> 00:26:27,575
and running and and taking it to
721
00:26:28,190 --> 00:26:30,670
customers and extending it out that way. That
722
00:26:30,670 --> 00:26:32,990
just shows, like, how kinda turnkey it can
723
00:26:32,990 --> 00:26:34,430
be. I wonder if you could do these
724
00:26:34,430 --> 00:26:36,529
conditional ones. I was looking at the conditional
725
00:26:36,589 --> 00:26:37,650
what if tests
726
00:26:38,109 --> 00:26:38,869
should contain
727
00:26:39,309 --> 00:26:41,085
and I'm guessing there is a way it
728
00:26:41,325 --> 00:26:42,845
queries that, runs the
729
00:26:43,325 --> 00:26:45,644
that blocks Azure. So this is testing if
730
00:26:45,644 --> 00:26:48,865
there's the access there. If you could somehow
731
00:26:48,924 --> 00:26:50,605
test where if you have certain what if
732
00:26:50,605 --> 00:26:53,419
tests, if a user is connecting from a
733
00:26:53,419 --> 00:26:55,679
certain IP address with a certain risk level
734
00:26:55,740 --> 00:26:57,819
to and maybe this is doing this and
735
00:26:57,819 --> 00:26:59,900
I'm not reading it quite right, where in
736
00:26:59,900 --> 00:27:01,919
that report that you get weekly,
737
00:27:02,460 --> 00:27:05,019
did conditional access get changed in a way
738
00:27:05,019 --> 00:27:06,720
that your what if test
739
00:27:07,019 --> 00:27:08,195
starts to
740
00:27:08,634 --> 00:27:11,515
essentially, a contextual access test for a certain
741
00:27:11,515 --> 00:27:14,154
scenario becomes invalid because someone made a change
742
00:27:14,154 --> 00:27:16,154
to it. Would this show a fail in
743
00:27:16,154 --> 00:27:18,174
there where all of a sudden
744
00:27:18,555 --> 00:27:20,894
these users aren't getting prompted for MFA?
745
00:27:21,589 --> 00:27:23,190
Do you know what I'm saying? Where you're
746
00:27:23,190 --> 00:27:24,950
actually testing what ifs as a part of
747
00:27:24,950 --> 00:27:26,869
your weekly run. That's actually what this is
748
00:27:26,869 --> 00:27:28,470
doing. Is that what this is doing? Okay.
749
00:27:28,470 --> 00:27:30,150
If you look under the hood, so this
750
00:27:30,150 --> 00:27:30,809
is using
751
00:27:31,750 --> 00:27:32,250
the
752
00:27:32,710 --> 00:27:36,555
test MT conditional access what if commandlet. Yep.
753
00:27:36,955 --> 00:27:39,535
And that cmdlet is not part of
754
00:27:39,835 --> 00:27:42,715
Meister. That cmdlet is part of the official
755
00:27:42,715 --> 00:27:46,075
tooling that Microsoft gives you for actually it's
756
00:27:46,075 --> 00:27:48,735
like the official what if tool to troubleshoot
757
00:27:48,955 --> 00:27:50,414
conditional access policies
758
00:27:51,210 --> 00:27:52,429
from Microsoft
759
00:27:53,289 --> 00:27:53,789
themselves.
760
00:27:54,650 --> 00:27:55,630
So it's just
761
00:27:56,169 --> 00:27:58,650
it's using the same underlying things, same set
762
00:27:58,650 --> 00:28:01,529
of rest APIs, all that kind of stuff.
763
00:28:01,529 --> 00:28:03,609
So I should have known that. Yeah. This
764
00:28:03,609 --> 00:28:04,750
is super easy.
765
00:28:05,234 --> 00:28:07,575
So if you've ever done what if tests
766
00:28:07,714 --> 00:28:11,154
for conditional access inside of, like, the native
767
00:28:11,154 --> 00:28:13,734
portal experience, then that that's effectively
768
00:28:14,355 --> 00:28:16,355
Yeah. So so that's effectively what you're doing
769
00:28:16,355 --> 00:28:18,440
is you're just running those same tests. You're
770
00:28:18,440 --> 00:28:20,680
just mocking them inside of PowerShell. Got it.
771
00:28:20,680 --> 00:28:22,380
And then you're looking for
772
00:28:23,000 --> 00:28:23,900
in Meister,
773
00:28:24,759 --> 00:28:26,700
when that test runs,
774
00:28:27,240 --> 00:28:30,200
what is the results of that test? Is
775
00:28:30,200 --> 00:28:32,119
it a block? Is it a fail? Is
776
00:28:32,119 --> 00:28:35,454
it ignored? Is it not applied, etcetera? Joshua
777
00:28:35,454 --> 00:28:37,634
Sharfstein: You're basically looking for
778
00:28:38,095 --> 00:28:40,414
a truefalse to come out of the what
779
00:28:40,414 --> 00:28:42,035
if, right? What was the
780
00:28:42,815 --> 00:28:44,515
the expected outcome was pass
781
00:28:44,894 --> 00:28:46,484
or pass fail kind of thing? Yeah. Matthew
782
00:28:46,484 --> 00:28:49,480
Bunnieski: Nifty. Maestro, absolutely something you should go
783
00:28:49,480 --> 00:28:51,799
check out. The other one, let's do a
784
00:28:51,799 --> 00:28:53,880
little bit of a comparison, Scott. We have
785
00:28:53,880 --> 00:28:55,099
a few minutes
786
00:28:55,400 --> 00:28:57,500
ish sort of 5 minutes.
787
00:28:57,880 --> 00:28:59,799
5 minutes? Yeah. Let's do it. Let's push
788
00:28:59,799 --> 00:29:01,605
it. Right push it in it. So this
789
00:29:01,605 --> 00:29:02,984
is another one is
790
00:29:03,285 --> 00:29:05,365
scuba gear. I'm gonna go pull this website
791
00:29:05,365 --> 00:29:07,365
up. Oh, seriously? Let me tell you what
792
00:29:07,365 --> 00:29:09,444
I think about Bastion lately. It's right up
793
00:29:09,444 --> 00:29:12,345
there with Teams for me. Scuba gear is
794
00:29:12,484 --> 00:29:14,164
another one that is out there that I
795
00:29:14,164 --> 00:29:16,105
would say is very similar
796
00:29:16,484 --> 00:29:16,984
to
797
00:29:17,579 --> 00:29:20,640
to Meister, only this one comes straight from
798
00:29:21,259 --> 00:29:23,839
CISA. So they wrote their own
799
00:29:24,380 --> 00:29:24,880
cybersecurity
800
00:29:27,019 --> 00:29:27,519
testing
801
00:29:28,140 --> 00:29:28,640
PowerShell
802
00:29:29,339 --> 00:29:32,220
module that is also open source out there
803
00:29:32,220 --> 00:29:34,194
in GitHub, and it's an assessment tool for
804
00:29:34,194 --> 00:29:36,134
Microsoft 365 tenant configuration
805
00:29:37,315 --> 00:29:37,815
conforming
806
00:29:38,115 --> 00:29:39,494
to the scuba,
807
00:29:40,194 --> 00:29:43,095
which is the security cloud business application
808
00:29:43,954 --> 00:29:44,454
baselines.
809
00:29:44,994 --> 00:29:47,480
And this one is very similar
810
00:29:48,099 --> 00:29:49,539
to Meister and how you set it up
811
00:29:49,539 --> 00:29:51,779
that there's a scuba gear module out there
812
00:29:51,779 --> 00:29:54,180
in the PowerShell gallery. So you go install
813
00:29:54,180 --> 00:29:57,140
module scuba gear, you initialize it, which goes
814
00:29:57,140 --> 00:29:58,680
and downloads all the dependencies.
815
00:29:59,305 --> 00:30:01,224
You can go run, see which version is
816
00:30:01,224 --> 00:30:01,724
included,
817
00:30:02,025 --> 00:30:04,265
and then you invoke scuba gear with the
818
00:30:04,265 --> 00:30:07,164
product names. And I just passed in star,
819
00:30:07,384 --> 00:30:09,785
but you can pass in various product names
820
00:30:09,785 --> 00:30:11,805
and this one is slightly different
821
00:30:12,169 --> 00:30:13,630
in that it does include
822
00:30:14,250 --> 00:30:16,169
I'm just gonna go to it, Scott. Nobody's
823
00:30:16,169 --> 00:30:18,329
looking at this. It includes I have my
824
00:30:18,329 --> 00:30:20,169
tenant name and ID displayed in here. I
825
00:30:20,169 --> 00:30:22,009
was gonna keep it in so nobody knew,
826
00:30:22,009 --> 00:30:24,490
but since nobody's watching it. It includes products,
827
00:30:24,490 --> 00:30:25,470
so this one
828
00:30:25,785 --> 00:30:28,105
reaches a little bit further than Meister does
829
00:30:28,105 --> 00:30:29,705
in some of the tests where it looks
830
00:30:29,705 --> 00:30:31,884
at it still says Azure Active Directory,
831
00:30:32,265 --> 00:30:34,765
enter, but then it looks at Microsoft 365
832
00:30:34,904 --> 00:30:37,545
Defender, it looks at Exchange, it looks at
833
00:30:37,545 --> 00:30:40,205
the Power Platform, SharePoint, and Teams,
834
00:30:40,730 --> 00:30:42,890
and does something similar where it runs tests
835
00:30:42,890 --> 00:30:45,710
and then gives you passed, warnings, failed.
836
00:30:46,410 --> 00:30:49,289
And this one also says manual checks needed
837
00:30:49,289 --> 00:30:50,750
where it couldn't automatically
838
00:30:51,369 --> 00:30:51,869
determine
839
00:30:52,330 --> 00:30:53,710
a certain condition,
840
00:30:54,089 --> 00:30:56,029
and it'll go in and tell you
841
00:30:56,365 --> 00:30:59,265
how to manually check for a certain
842
00:30:59,644 --> 00:31:00,144
security
843
00:31:00,684 --> 00:31:02,845
setting. So same type of thing, spits out
844
00:31:02,845 --> 00:31:03,825
a bunch of HTML
845
00:31:05,164 --> 00:31:05,664
markdown,
846
00:31:06,204 --> 00:31:06,704
etcetera,
847
00:31:07,164 --> 00:31:08,544
to your computer.
848
00:31:08,910 --> 00:31:10,750
So you could also set this up to
849
00:31:10,750 --> 00:31:13,390
run-in a DevOps pipeline or something else. Once
850
00:31:13,390 --> 00:31:14,769
you click on a certain
851
00:31:15,070 --> 00:31:15,570
category,
852
00:31:15,950 --> 00:31:17,250
just pick power platform,
853
00:31:17,549 --> 00:31:20,109
it goes in and says, here's the control
854
00:31:20,109 --> 00:31:21,490
ID for power platform.
855
00:31:22,115 --> 00:31:23,795
What do you want? The ability to create
856
00:31:23,795 --> 00:31:24,855
production in sandbox
857
00:31:25,315 --> 00:31:28,434
environment shall be restricted to admins. Trial environments
858
00:31:28,434 --> 00:31:29,734
are restricted to admins.
859
00:31:30,035 --> 00:31:33,015
DLP policy to restrict connector access.
860
00:31:33,315 --> 00:31:33,815
NondeFAULT
861
00:31:34,275 --> 00:31:36,319
environments should have at least one DLP
862
00:31:36,700 --> 00:31:41,019
policy affecting them. Allow inbound, outbound, connection allow
863
00:31:41,019 --> 00:31:42,319
list should be configured,
864
00:31:43,179 --> 00:31:45,660
content security policies. So it gives you the
865
00:31:45,660 --> 00:31:48,319
same type of thing where a control ID,
866
00:31:48,539 --> 00:31:50,079
what the requirement is,
867
00:31:50,424 --> 00:31:52,445
what the result is, a criticality,
868
00:31:53,065 --> 00:31:53,964
should be done,
869
00:31:54,345 --> 00:31:57,244
shall be done, so recommendation versus
870
00:31:57,865 --> 00:31:58,365
requirement,
871
00:31:58,984 --> 00:32:01,484
and then a few details around
872
00:32:01,785 --> 00:32:03,244
I would say not as many
873
00:32:03,589 --> 00:32:05,589
as Maestro does. Maestro gives you, like, step
874
00:32:05,589 --> 00:32:08,549
by step. Some of these say, under details,
875
00:32:08,549 --> 00:32:10,549
the requirement is not met. So you're gonna
876
00:32:10,549 --> 00:32:12,970
be on your own to go figure out
877
00:32:13,109 --> 00:32:15,349
what do you actually have to do in
878
00:32:15,349 --> 00:32:17,805
this case to go in and configure it.
879
00:32:17,865 --> 00:32:19,565
Other ones do have,
880
00:32:20,184 --> 00:32:22,505
like, the manual check ones. Usually, in the
881
00:32:22,505 --> 00:32:24,825
details, say it doesn't have the capability to
882
00:32:24,825 --> 00:32:28,105
check. Here's some instructions on how to do
883
00:32:28,105 --> 00:32:30,419
the manual check. This one, it also breaks
884
00:32:30,419 --> 00:32:32,279
it up into a bunch of different HTML
885
00:32:32,339 --> 00:32:35,079
files. So, like, Power Platform has its own,
886
00:32:35,380 --> 00:32:36,919
SharePoint has its own,
887
00:32:37,380 --> 00:32:39,559
Entra has its own, Defender has its own.
888
00:32:39,700 --> 00:32:41,779
And when you get into some of the
889
00:32:41,779 --> 00:32:42,704
things like,
890
00:32:43,585 --> 00:32:44,644
Entra specifically,
891
00:32:45,024 --> 00:32:47,505
there's gonna be some redundancy there. What I
892
00:32:47,505 --> 00:32:49,345
have thought would be interesting is to actually
893
00:32:49,345 --> 00:32:50,944
see if you could somehow take some of
894
00:32:50,944 --> 00:32:53,444
these tests that they have in scuba gear
895
00:32:53,505 --> 00:32:55,809
since that's all open source and take Meister
896
00:32:55,809 --> 00:32:57,970
since that's all open source and somehow combine
897
00:32:57,970 --> 00:32:58,630
them to
898
00:32:59,009 --> 00:33:02,289
include maybe some of these additional SharePoint teams
899
00:33:02,289 --> 00:33:05,009
power platform checks into the Meister checks so
900
00:33:05,009 --> 00:33:07,170
I could just have one tool that gives
901
00:33:07,170 --> 00:33:09,110
me everything? Yeah. You could. So
902
00:33:09,570 --> 00:33:10,035
Meister
903
00:33:11,075 --> 00:33:11,894
has a
904
00:33:12,434 --> 00:33:12,934
subset
905
00:33:13,315 --> 00:33:15,875
of the CISA tests in there. Yep. And
906
00:33:15,875 --> 00:33:18,695
those tests are actually coming out of
907
00:33:19,234 --> 00:33:21,875
CISA control IDs, which then all map back
908
00:33:21,875 --> 00:33:22,375
into
909
00:33:22,674 --> 00:33:23,974
the scuba project.
910
00:33:24,599 --> 00:33:27,740
So you're looking at effectively, like, that subset
911
00:33:27,799 --> 00:33:31,579
for SharePoint online, Exchange online, things like that
912
00:33:31,799 --> 00:33:33,400
that come out of CISA. But if you
913
00:33:33,400 --> 00:33:36,920
want, the nice thing that the Meister folks
914
00:33:36,920 --> 00:33:38,779
have done, if you go read their documentation,
915
00:33:39,544 --> 00:33:41,644
so if you hop into the CISA section
916
00:33:42,825 --> 00:33:45,964
for the Meister docs, they will tell you
917
00:33:46,345 --> 00:33:47,565
what they have implemented
918
00:33:47,944 --> 00:33:49,404
and what they haven't implemented.
919
00:33:49,944 --> 00:33:51,784
And in some cases, like, they'll give you
920
00:33:51,784 --> 00:33:54,765
the reason why they haven't turned it on.
921
00:33:55,240 --> 00:33:57,019
And for a lot of this, it's because
922
00:33:57,319 --> 00:33:58,140
they're focused
923
00:33:58,519 --> 00:33:59,019
on
924
00:33:59,559 --> 00:34:02,299
native tooling and kinda what's available to you.
925
00:34:02,440 --> 00:34:04,440
So scuba might go out and use, like,
926
00:34:04,440 --> 00:34:05,099
a nonstandard
927
00:34:05,559 --> 00:34:08,039
way to test for something within a given
928
00:34:08,039 --> 00:34:09,739
service, say, like, SharePoint online,
929
00:34:10,284 --> 00:34:10,784
And
930
00:34:11,324 --> 00:34:12,144
just knowing
931
00:34:12,445 --> 00:34:14,045
and having chatted with Merrill in the past
932
00:34:14,045 --> 00:34:15,164
and things like that, I bet one of
933
00:34:15,164 --> 00:34:17,565
the, like, the guiding principles here is, hey,
934
00:34:17,565 --> 00:34:19,164
this stuff just needs to be, like, in
935
00:34:19,164 --> 00:34:21,244
the graph and ready to go and easily
936
00:34:21,244 --> 00:34:23,085
retrievable. And if it's not, then we'd be
937
00:34:23,085 --> 00:34:24,525
doing it in a nonstandard way, and we
938
00:34:24,525 --> 00:34:25,980
don't really wanna show folks how to do
939
00:34:25,980 --> 00:34:28,260
it in a nonstandard way. I'm sympathetic to
940
00:34:28,260 --> 00:34:29,860
that. So if you go read the Maestro
941
00:34:29,860 --> 00:34:30,360
recommendation,
942
00:34:30,820 --> 00:34:32,820
so you have the page now for system
943
00:34:32,820 --> 00:34:35,940
controls for Microsoft SharePoint online. It'll say, hey,
944
00:34:35,940 --> 00:34:38,904
here's all the control IDs, and it'll just
945
00:34:38,904 --> 00:34:40,344
straight up tell you, like, oh, this one
946
00:34:40,344 --> 00:34:42,344
isn't implemented. And for any of them, you
947
00:34:42,344 --> 00:34:44,105
can just click the control ID, and it'll
948
00:34:44,105 --> 00:34:47,404
take you over to the scuba GitHub site,
949
00:34:47,784 --> 00:34:49,784
and you're just landed into that markdown file.
950
00:34:49,784 --> 00:34:51,304
So you could see, like, what the test
951
00:34:51,304 --> 00:34:52,684
was going to test for
952
00:34:53,289 --> 00:34:54,650
and how it was gonna come out. And
953
00:34:54,650 --> 00:34:56,909
then if you wanted to implement said test,
954
00:34:56,969 --> 00:34:59,049
yeah, you can absolutely do that. But it
955
00:34:59,049 --> 00:35:00,569
would be on you to implement it at
956
00:35:00,569 --> 00:35:02,170
that point. If you really want the world
957
00:35:02,170 --> 00:35:03,369
to be your oyster and have it all
958
00:35:03,369 --> 00:35:04,190
in one place,
959
00:35:04,489 --> 00:35:06,809
potentially some more work to do there. I
960
00:35:06,809 --> 00:35:08,029
I would bet that the
961
00:35:08,574 --> 00:35:10,114
Merrill and the folks who did Meister
962
00:35:10,414 --> 00:35:12,494
wouldn't mind if you just wrote some stuff
963
00:35:12,494 --> 00:35:14,815
up for him and contributed back. It's all
964
00:35:14,815 --> 00:35:17,695
also just on GitHub. Right? This is OSS,
965
00:35:17,695 --> 00:35:19,454
so you can go put a PR in
966
00:35:19,454 --> 00:35:21,295
if you want for a new test, or
967
00:35:21,295 --> 00:35:23,295
if you write a a new, like, really
968
00:35:23,295 --> 00:35:25,750
cool custom test or something like that and
969
00:35:25,750 --> 00:35:27,130
wanna share it with that community,
970
00:35:27,429 --> 00:35:29,269
you could absolutely do that through GitHub and
971
00:35:29,269 --> 00:35:30,789
things like that. Yeah. I may have to
972
00:35:30,789 --> 00:35:32,389
do that. Maybe I have to get involved
973
00:35:32,389 --> 00:35:35,510
in writing some new tests for Maestro and
974
00:35:35,510 --> 00:35:36,885
playing with some of that, submitting some of
975
00:35:36,885 --> 00:35:37,945
that up there because
976
00:35:38,244 --> 00:35:39,765
I agree. If I'm gonna do this, I
977
00:35:39,765 --> 00:35:41,684
might as well submit it so everybody else
978
00:35:41,684 --> 00:35:43,445
can take advantage of it as well. If
979
00:35:43,445 --> 00:35:45,465
you are an m 365
980
00:35:45,844 --> 00:35:46,344
admin,
981
00:35:46,965 --> 00:35:47,465
arguably
982
00:35:49,500 --> 00:35:51,980
an Azure admin, like, you're dependent on Azure
983
00:35:51,980 --> 00:35:54,140
Active Directory, I would totally give this one
984
00:35:54,140 --> 00:35:54,719
a spin.
985
00:35:55,019 --> 00:35:56,699
Spin it up, see what it does. It
986
00:35:56,699 --> 00:35:58,059
doesn't take you long to do. You should
987
00:35:58,059 --> 00:35:59,500
be able to carve out an hour and
988
00:35:59,500 --> 00:36:01,340
do this end to end Yep. Especially if
989
00:36:01,340 --> 00:36:03,434
you're running in, like, deity mode or you
990
00:36:03,434 --> 00:36:05,434
have the ability to elevate yourself into, like,
991
00:36:05,434 --> 00:36:07,355
global admin or something for a limited amount
992
00:36:07,355 --> 00:36:08,715
of time just to make your life a
993
00:36:08,715 --> 00:36:10,635
little bit easier for that first run to
994
00:36:10,635 --> 00:36:12,155
see, like, where you really stand in the
995
00:36:12,155 --> 00:36:12,655
world,
996
00:36:12,954 --> 00:36:14,394
and then you can just go from there.
997
00:36:14,394 --> 00:36:16,635
Awesome. Thanks, Scott. I'm now 5 minutes late
998
00:36:16,635 --> 00:36:18,059
for my next meeting, but
999
00:36:18,539 --> 00:36:19,440
it will be okay.
1000
00:36:20,219 --> 00:36:22,719
Worth it. We will survive. Yes.
1001
00:36:23,260 --> 00:36:25,760
So maybe we'll have some updates later with
1002
00:36:25,820 --> 00:36:27,660
changes we've made, fill you in on what
1003
00:36:27,660 --> 00:36:30,074
Maestro tests I've gotten written lately.
1004
00:36:30,954 --> 00:36:33,275
But I'm with you. Like, these tools, the
1005
00:36:33,275 --> 00:36:35,135
work Merrill has done on this is
1006
00:36:35,514 --> 00:36:37,434
and others, we should say. It is not
1007
00:36:37,434 --> 00:36:39,675
just Merrill. He has collaborated with us on
1008
00:36:39,675 --> 00:36:41,835
a few others as well. So he is
1009
00:36:41,835 --> 00:36:43,949
just the one that we first heard about
1010
00:36:43,949 --> 00:36:45,730
it from, but they have done an outstanding
1011
00:36:45,949 --> 00:36:49,150
job on this this platform, this framework, this
1012
00:36:49,150 --> 00:36:52,130
tool, so absolutely go check it out. Yeah.
1013
00:36:52,190 --> 00:36:54,750
I highly recommend it. Alright. Well, that's Scott.
1014
00:36:54,750 --> 00:36:55,730
Enjoy your weekend.
1015
00:36:56,030 --> 00:36:58,045
Don't work too hard. The weather is actually
1016
00:36:58,045 --> 00:36:59,985
starting to be nice out. Maybe go outside,
1017
00:37:00,204 --> 00:37:01,025
enjoy some
1018
00:37:02,045 --> 00:37:04,364
weather in the eighties. Yeah. I was gonna
1019
00:37:04,364 --> 00:37:05,684
say, I was outside the other day, and
1020
00:37:05,684 --> 00:37:07,244
I was like, it actually feels decent out.
1021
00:37:07,244 --> 00:37:08,445
And I got in the car, and I'm
1022
00:37:08,445 --> 00:37:10,364
like, it's still 85. I guess that means
1023
00:37:10,364 --> 00:37:11,585
I'm getting used to Florida.
1024
00:37:13,059 --> 00:37:14,819
Only took a couple decades, but you're making
1025
00:37:14,819 --> 00:37:16,359
it. Yeah. I'm getting there eventually.
1026
00:37:16,900 --> 00:37:19,059
Alright. Sounds good. Thanks, Ben. Thanks, Scott. We'll
1027
00:37:19,059 --> 00:37:19,880
talk to you later.
1028
00:37:21,619 --> 00:37:23,940
If you enjoyed the podcast, go leave us
1029
00:37:23,940 --> 00:37:26,204
a 5 star rating in iTunes. It helps
1030
00:37:26,204 --> 00:37:27,884
to get the word out so more IT
1031
00:37:27,884 --> 00:37:30,625
pros can learn about Office 365 and Azure.
1032
00:37:31,164 --> 00:37:32,844
If you have any questions you want us
1033
00:37:32,844 --> 00:37:35,085
to address on the show or feedback about
1034
00:37:35,085 --> 00:37:37,404
the show, feel free to reach out via
1035
00:37:37,404 --> 00:37:39,405
our website, Twitter, or Facebook.
1036
00:37:39,885 --> 00:37:41,724
Thanks again for listening, and have a great
1037
00:37:41,724 --> 00:37:42,224
day.
